package sp.util.shiro;

import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import sp.pojo.User;
import sp.service.UserService;


public class UserRealm extends AuthorizingRealm{
	
	
	@Autowired
	private UserService service;
	
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
		System.out.println("shiro认证成功---->开始授权");
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		//获取用户名
		String typeCode = arg0.toString();
		System.out.println("授权用户:"+typeCode);
		Set<String> roleSet = null;
		Set<String> permissionSet = null;
		try {
			roleSet = service.findRoles(typeCode);
			permissionSet = service.findPermissions(typeCode);
		} catch (Exception e) {
			throw new AuthorizationException("授权失败");
		}
		
		info.setRoles(roleSet);
		info.setStringPermissions(permissionSet);
		return info;
	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
		System.out.println("shiro认证中.......");
		//存储着用户输入的用户名和密码
		UsernamePasswordToken token =  (UsernamePasswordToken)arg0;
		User user = null;
		//和数据库用户的密码和用户匹配
		try{
			user = service.findUserByName(token.getUsername());
		} catch (Exception e) {
			throw new AuthenticationException("对不起,您没有权限访问");
		}
			
		if (null == user) {
			throw new UnknownAccountException("对不起,用户名不存在");
		}
		
		if (user.getIsStart() != 1) {
			throw new LockedAccountException("对不起,您的账号未激活或没有登录权限");
		}
		System.out.println("用户名合法,开始匹配密码....");
		//交给realm 使用凭证匹配器进行密码匹配
		//salt = name +salt
		//getName() realm's name
		return new SimpleAuthenticationInfo(user.getTypeCode(), user.getPassword(), ByteSource.Util.bytes(user.getTypeCode() + user.getSalt()), getName());
		
	}

	
	/**
	 * 存储用户的角色名称
	 * @param id 用户id
	 * @return
	 */
	/*private Set<String> getRoleSet(List<String> roleList) {
		Set<String> set = new HashSet<>();
		if(CollectionUtils.isEmpty(roleList))
			return set;
		
		for (String roleName : roleList) {
			set.add(roleName);
		}
		
		return set;
	}*/
	
	
	/**
	 * 存储用户的权限菜单
	 * @param uid
	 * @return
	 */
/*	private Set<String> getPermissionSet(List<String> menuList) {
		
		Set<String> set = new HashSet<>();
		
		if(CollectionUtils.isEmpty(menuList)) {
			return set;
		}
		
		for (String permission : menuList) {
			set.add(permission);
		}
		
		return set;
	}*/
	
	
	@Override
	protected void clearCache(PrincipalCollection principals) {
		super.clearCache(principals);
	}
	
    public void clearAllCachedAuthorizationInfo() {
        getAuthorizationCache().clear();
    }



    public void clearAllCachedAuthenticationInfo() {
        getAuthenticationCache().clear();
    }



    public void clearAllCache() {
        clearAllCachedAuthenticationInfo();
        clearAllCachedAuthorizationInfo();
    }
}
